Valid users & SAMBA_3_0_23
jra at samba.org
Fri Aug 4 15:36:01 GMT 2006
On Fri, Aug 04, 2006 at 10:00:25AM -0500, Gerald (Jerry) Carter wrote:
> Since I am of the position that all domain accounts in
> smb.conf should be fully qualified, I'd expect 'force user =
> lizard' to resolve the to the Unix SID and not domain SID.
> I know this is subtle. What are your thoughts here?
Yep - just looked at the code in lookup_name(). That's
what is going this. There's a comment in there for a
similar common case :
* For 'valid users = +users' we know "users" is most probably not
* BUILTIN\users but the unix group users. This hack requires the
* admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
I'm loath to change lookup_name, Volker spent a *lot* of time
getting that right :-). Let me look at the codepaths....
Using a domain of "Unix users" will force the correct lookup....
More information about the samba-technical